Support Page

SPAM!
Mail Black List Sites
www.njabl.org
www.ordb.org

Port Numbers
http://www.iana.org/assignments/port-numbers

NMAP -http://www.insecure.org
Excellent Network Scanner

Wireless security do's and don't's

Treat wireless zone like an External zone or DMZ
No DHCP on the wireless zone
Enable MAC address filtering
Enable WEP with a passphrase
Enable feature to prevent broadcasting (if feature is available)
Install an IDS in the wireless zone
Install numerous honeypot wireless access points (to throw them off the scent)

Some explanations (courtesy netstumbler forum
http://forums.netstumbler.com/showthread.php?s=0296f03cdd989d79d3864605760dee8c&threadid=1797&perpage=15&pagenumber=3)

1. By disabling SSID broadcasts, you effectively make your wireless network disappear. Only authorized clients that have he correct SSID can connect to your network. Even Netstumbler can't see the network.

2. Use WEP even though it can be cracked, it's better that no
encryption. Also cracking the WEP key would require a steady network flow to capture enough packets the begin working on the key. Most Wardrivers, aren't going to have access to your system long enough to worry about it, they see WEP enabled and move on. There are too many unencrypted networks out there already, why waste time working on one that has encryption turned on.

3. By setting Mac filters on your AP's you can effectivly control who's able to connect to them for use. Granted, it's not going to be an easy solution to implement if you had hundreds of users that could possibly connect to a given AP. But if you maintained strict control of AP access to those who really need it you limit the exposure for abuse to your network.

4. Do a walk through with a wireless laptop to see where your hotspots for your network are. It's always a good thing to know that if you have a big hotspot with access available to video store parking lot next door to your office. That's a good place for wardrivers to stop and park to leech off your network. By knowing your footprint, you can reposition your AP's to minimize the amount of bleed through that you have available.

Wireless Troubleshooting
Where's the "any Key"?
CA Licensing
Windows Print Server
How to rebuild Windows Print Server (spoolsv.exe problems)
Solution courtesy JSIINC: Solution 4900
Hide details for JSIINC 4900JSIINC 4900
Begin Ref: www.jsiinc.com Article 4900
"4900 » Spoolsv.exe has generated errors and will be closed by Windows?
When you open the Printers window on your Windows 2000 Professional Start menu, or when you try to print, you receive the subject error message or one of the following:
Printer operation cannot continue due to lack of resources.
Subsystem unavailable.
These errors are indicative of a damaged printer driver.
To fix the problem:
1. Right-click each printer in the Printers window and press Delete. Press Yes when prompted.
2. Right-click Printers and press Open.
3. In the File menu, press Server Properties.
4. Select the Drivers tab and Remove all the drivers, pressing Yes when prompted.
5. For safe-keeping, use Regedit to export:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print
6. Delete any sub-keys, if they exists, from:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3
7. Delete any non-default sub-keys from:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors
The default monitors are:
AppleTalk Printing Devices
Local Port
PJL Language Monitor
Standard TCP/IP Port
USB Monitor
Windows NT Fax Monitor
8. Delete any sub-keys from:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers
9. Exit the Registry Editor and shutdown / Restart your computer.
10. Install any necessary printers."
End Ref: www.jsiinc.com Article 4900

Microsoft Internet Explorer
(307719)To put your Internet Explorer 6.0 Favorites in alphabetical order,
follow these steps:
Start Internet Explorer.
Click Favorites, and then select a single Favorites icon from the list.
Right-click the icon, and then click Sort by Name.

Microsoft Office
Micrososft Exchange Server 5.5
Microsoft Word
Microsoft Domains and Firewall config Show details for 179442179442

Lotus Domino Date Registry Fix
Microsoft Licensing Info
Axapta Sizing Tool Lotus Notes - iNotes
Telstra

Phone Number Identify: 1272 2123

Cisco
outbound 10 deny 0.0.0.0 0.0.0.0 0 0
outbound 10 permit 172.16.1.5 255.255.255.0 0 ip
outbound 10 permit 172.16.1.6 255.255.255.0 0 ip
apply (inside) 10 outgoing_src
[or apply (inside) 10 outgoing_dest]


IIS
Windows XP
Tip source: ActiveWin
If you have to reinstall Windows XP you normally will have to reactivate too. Well not anymore. Just copy wpa.dbl after you activated the first time. It is located in the WINDOWS\system32 folder. Now if you reinstall Windows XP just copy the file back and you're up and running again

Windows 2000 Professional

Windows 2000
Roaming Profiles - problems
SUS
SUS Client: http://www.microsoft.com/Windows2000/downloads/recommended/susclient/download.asp
Configure SUS Client: 328010

Terminal Server http://microsoft.com/windowsxp/remotedesktop/
Hide details for Active Directory Best PracticesActive Directory Best Practices
Up-to-Date Best Practices

To alleviate the risks that an upgrade presents and to provide the easiest possible path to a completely AD environment, follow these best practices:

NB: VERY IMPORTANT!!! When configuring an NT server for the follwoing procedure,
MAKE SURE THAT THE DNS DOMAIN NAME IN THE PROPERTIES OF TCP/IP IS THE NEW ACTIVE DIRECTORY DOMAIN NAME!!!
Otherwise you will have what is called a "disjointed domain", eg machine name will be SERVER.OLD_NT_DOMAIN, not SERVER.activedirectory.com.au
This will cause you MAJOR problems with Active Directory

Make a new PDC, and upgrade it. Perform a clean installation of NT, and create a new Backup Domain Controller (BDC) in your NT domain.
Promote that computer to be the domain's PDC, and perform the Win2K upgrade on the newly promoted PDC. This step ensures that the computer you upgrade is in the best possible condition.

Keep a BDC offline during the upgrade. If all else fails, you can take your failed-to-upgrade PDC offline, bring your spare BDC back online, and promote it to PDC. Within just a few minutes, you're back at square one and operating normally. Make sure the spare BDC is up-to-date before taking it offline and starting the PDC's upgrade.

If you choose to keep a BDC offline during your upgrade, use NT's Server Manager to force the NT domain to replicate. That will ensure the BDC has an accurate copy of the domain, making it a useful backup.

Clean up your domain before upgrading. Delete old user accounts and group accounts, and get everything into tip-top shape. Most especially, use the Server Manager application to delete any old computer accounts. You'll help speed the upgrade process and ensure a cleaner AD domain when the upgrade is complete.

Upgrade all NT domains, then merge them. If you have multiple NT domains, upgrade each domain into a separate AD domain. Then move all the users and groups into your root AD domain and decommission the other domains.

The last tip is the toughest one to architect. Ideally, the first NT domain you upgrade should become a new AD root domain. Subsequent NT domains should be upgraded into child domains of that root. This process makes an easy task of migrating the child domain users and groups into the root domain and collapsing the structure into a single root domain. If there are political reasons that prevent you from taking this approach, migrate each NT domain into a separate AD root domain. Create trusts between those roots to form a forest, then move users and groups from domain to domain until everything's where you want it to be. You can then decommission any empty, unused domains.

Portions copyright © 2001 Realtimepublishers

Microsoft Windows Time - Important for Active Directory
(832017) The Windows Time system service maintains date and time synchronization on all Windows XP and Windows Server 2003-based computers on a network. This service uses Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or timestamp is assigned for network validation and for resource access requests. The implementation of NTP and the integration of time providers help make Windows Time a reliable and scalable time service for your enterprise. For computers that are not joined to a domain, you can configure Windows Time to synchronize time with an external time source. If this service is turned off, the time setting for local computers is not synchronized with a time service in the Windows domain or with an externally configured time service. Windows Server 2003 uses NTP. NTP runs on UDP port 123. The Windows 2000 version of this service uses Simple Network Time Protocol (SNTP). SNTP also runs on UDP port 123.

System service name: W32TimeApplication protocol Protocol Ports
NTP TCP 123
SNTP UDP 123

Active Directory - Troubleshooting HOW TO: Optimize Group Policy for Logon Performance in Windows 2000
315418

Group Policy Solutions:
Block access to USB storage devices:
"It needs to write a key at the following node:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
You may deny the access to this node.
If you need to apply it to many users, you may set the Group Policy to deny
the access to the registry from the domain user and computer management."

Windows NT
Rebuilding NT Servers
NT Browser Issues

COMPAQ

File attachment "C.DTF"

The answer to your problem is this:

The sender has sent you a file attachment.
His (or her) email client (Outlook Express in this case), has a setting which "chops up" any file attachments larger than 250kb into 250kb chunks

That is why you got 4 emails from him (or her), with subject line as:
Re: Company Profile.doc [1/4]
Re: Company Profile.doc [2/4]
Re: Company Profile.doc [3/4]
Re: Company Profile.doc [4/4]

the problem with sending emails like this, is that you (David) has to do alot of work to put the jigsaw puzzle back together....
What you would have to do is detach all of these files, then copy and paste them into 1 big file, then you would have to run a MIME Decode over the file, and
hopefully, the file will be put back together again properly.... like I said, alot of mucking around.....

The easy answer is to get this person to disable this setting, and send you 1 email with the attachment in tact...


RedHat Linux Install RPM
rpm -Uvh rpmpackage

list a directory: ls -l


Lotus Notes

Important Note: To solve this issue, do not simply replace the design of the mail template with the 5.0.7 mail template. You must perform the following steps in order to completely fix the issue.

1. In the Notes mail file, select Actions, Tools, Preferences.
2. Select the Calendar tab, then select the Free Time sub-tab.
3. Uncheck/deselect the days of the week that are currently listed with available times. Click OK.
4. Replace the design of the mail file with the 5.0.7 mail template (choose "Local" if upgrading the client or "Server" if upgrading the server).
5. Select Actions, Tools, Preferences.
6. Select the Calendar tab, then the Free Time sub-tab.
7. Select the days of the week that were previously selected as being available. Click OK.
The reason why this process has to be done is because the template updates only the design elements, and not the values. By selecting the days of the week after the design of the mail file is replaced, the new values will be updated correctly.

Phone Message icon creation (Notes version 6)
- Right-click in Toolbar - Toolbar Preferences
- New Button
- Choose icon
- enter the following formula : @Command ( [Compose] ; @MailDbName ; "Phone Message") and click on the green tick mark to validate


GNATBOX

Mobile VPN :
Source: Any
Dest: Ext IP of Firewall eg 203.30.131.254
Protocol: TCP
Port: 50

How to Reset ROBOX

To reset a RoBoX system you will need the following -

· terminal or terminal emulation software.
· DB9 to DB9 file transfer cable. If you do not have a terminal.

Attach a terminal or use terminal emulation software with the settings below.

Emulation - VT 100

Port - the com port used on the system.
Baud Rate - 19200
Data - 8
Parity - none
Stop - 1
Flow control none or hardware

Reboot the RoBoX.

You will see a count down for when the system will automatically
boot. After this you will see GNAT Box RoBoX 3.2.4s. Immediately press
control r. The window to hit this is very small. So, you have to pay
attention and be very quick.

The system will partially load. And you will get the following question -

Are you sure you want to reset your configuration? ("yes" or " no"). You
must enter the entire word yes. Any other key touched and the system will
reboot.

An attempt is made to preserver the serial and feature codes.


Alcatel Speed Touch

Configuring the Alcatel Pro for Bridged mode

It is possible to bridge the Alcatel SpeedTouch Pro to act as bridge. In
order
to do this you will require PPPoE software, such as RASPPPoE or
Enternet, to
establish a connection.


Open the web interface by opening a browser to the IP address of the Pro
router.

From the interface select 'PPP' from the left hand menu, and delete all
entries.

Next select 'Phonebook', and delete all entries as well.
Create a new 'Phonebook' entry with the following details and click
'Add':

Name: Bridge
VPI:   8
VCI:  35
Type: Bridge

Then select 'Bridge' from the menu and add the Bridge connection - leave
the
default settings as they are.

Once this is added, click 'Save All' to save the bridged configuration.

Connect the modem to the ethernet port of the computer with the PPPoE
software
and create the dialler within the software.


Background Information
Automatically displays relevant information about a Windows computer on the desktop's background,
such as the computer name, IP address, service pack version, and more.
URL : http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml

PXE-boot on floppy
On the following website, you'll find a PXE floppy disk with more supported network cards than the RIS one:
http://www.argontechnology.com/rbfg/index.shtml

O'Reilly

http://doc.novsu.ac.ru/oreilly

Adobe Acrobat Reader
How to Disable Web Browser Integration.
1. In Acrobat or Adobe Reader, choose Edit > Preferences > Internet.
2. Deselect Display PDF in Browser, and then click OK

PDF file doesn't open in Web browser (Acrobat 6.0 or Adobe Reader 6.0 on Windows)
Solution 1: Update to Adobe Acrobat 6.0.1 or Adobe Reader 6.0.1.
-- To update to Acrobat 6.0.1:
1. Start Acrobat 6.0.
2. Choose Help > Update.
3. Follow the on-screen instructions to install the update.

Solution 2: Save the PDF file to your hard drive, and open it in Acrobat or Adobe Reader.
1. Right-click the link to the PDF file on the Web site, and then choose Save Target As (Internet Explorer) or Save Link As (Netscape Navigator).
2. In the Save As dialog box, select a location on the hard disk, and then click Save.
3. Double-click the PDF file to open it in Acrobat or Adobe Reader.

Good Web Design
http://www.webstyleguide.com/index.html?/contents.html

Excellent IT Baseline website

http://www.bsi.de/gshb/english/menue.htm

Knoppix
* How to mount a windows share in knoppix:
From a ROOT Shell:
>mkdir winshare
>smbmount \\192.168.0.1\c$ ./winshare -o username=administrator password=password

* To copy all files from a Hard Disk to the windows share:
>cp -Rp /mnt/hda1/* ./winshare